I know this is an old topic, but I have a question about insurance and the long-term storage of personal data.
Imagine a situation where an item was repaired last year, and now someone is suing the Repair Café Association because the repaired item caused a house fire. While this scenario might seem a bit unusual, considering the number of Repair Cafés worldwide, it’s statistically possible.
In such a case:
How would you identify the volunteer who repaired the item?
If the item was electrical and caused the fire, how would you track PAT testing records?
What is the best way to manage and store these personal records over time?
At Lambeth Repair Cafe we collect the visitor registration details (per event) and the repair details on separate sheets, the latter is not linked to the former and has no identifying information. A visitor will have a single event registration form but can have multiple repair sheets. The registration forms go with the organiser to add to the mailing list database, I’m not certain what they do with those sheets but I imagine they are filed. The repair details are taken by myself and when the data is entered into the Fixometer those sheets are recycled.
The registration form has a full explanation of risks and responsibilities and is effectively a waiver. The visitor adds their email (optional), name and signature. A brief summary is on the website.
I’ve moved your question into a new topic to avoid resurrecting an old one and keep things more focused on your specific question.
Do you help run a Repair Café?
If so, the GDPR topic you originally posted in contains useful discussion on what data you might want to collect and how. Of course, if you start collecting personal data, it’s important to have a proper data & privacy policy and make sure that you’re getting consent from the people you’re collecting data from - they’ll need to know what data you’re asking for, how you’ll use it, how they can opt-out at any time and so on.
I know many groups aim to minimise the collection of personal data to simplify the admin that comes with running events, and this is often a sensible approach. What data do you actually need to collect?
Any personal data you do collect needs to be stored securely, whether on paper or digitally - i.e. only accessible by the group organiser(s). Every group will likely have its own system for this. But if you use a digital system (e.g. storing a spreadsheet in a cloud service like Microsoft or Google’s, or use a mailing list service like Mailchimp), you’ll need to let people know that’s where you’re storing their data.
When it comes to insurance, we have some seperate guidance here:
But a key principle is to make sure that visitors know the core ethos of community repair events: that they are events where you can repair your own item with help from an experienced volunteer fixer. Ideally these are learning events not a ‘repair service’.
I’d add that PAT records should be kept pretty much indefinitely - widely quoted position is “Although there is no legal requirement to keep records of inspection & testing, the HSE Memorandum of Guidance on the Electricity at Work Regulations 1989 advises that records of maintenance including tests should be kept throughout the working life of the appliance”. So similar to most of the situation around PAT - it’s not legally required but if anything goes wrong and you didn’t follow the guidance…
Also when I was chatting to our insurance providers Wessex (they cover a lot of repair cafes and men’s sheds) they told me it was technically difficult to price cover for professional liability as they weren’t aware of any claims in over a decade!
So although we are rightly very concerned to make sure our work is safe and of high quality - actually insurance claims against repair cafes are more likely from tripping over than from anything else.
PAT testing is designed to mitigate against a shock hazard, not fire. Whereas as part of the visual check you should check the fuse in the plug, the purpose of this is to protect the mains lead, not the appliance. A 13A fuse is acceptable (though not desirable) in a detachable mains lead for a low wattage device, provided that the lead itself is rated for 13A. But if you fit a 3A fuse potentially reducing the risk of a fire in the device itself, if that lead is subsequently used for a high wattage device, the fuse is likely to blow! A CE mark on the device itself should be your assurance that it’s not oing to catch fire, properly used.
Like an MOT, a PAT test can only tell you the state of a device on the day of the test. A re-test is generally advised after 12 months so if an issue arose after that I don’t see that you could be held responsible as you’d have no idea how the device had been used or abused in the meantime. Best practice is to retain PAT test records indefinitely but the only possible point of that is to demonstrate that yes, you have been doing PAT tests all these years.
If volunteers thought they might be held individually responsible for any mistakes or oversights in their work, I wouldn’t expect to get many volunteers! That’s the point of group insurance, so that the group can carry the risk (whilst ensuring that volunteers have a basic level of competence and have read and signed your safety instructions).
Recently I’ve taken to scanning or photographing the flip charts and individual fixers’ records, but this is just so I can look back and see what we did previously if someone returns for further work on a device. (But it also means I can sit comfortably at my desk to enter the data into the Fixometer, with the source data displayed on my lovely 34" curved screen monitor I got cheap from the local Reuse Shop!)
We (your repair group may have a different policy!) aren’t doing a PAT test because it’s a legal requirement which results in an insurance-backed “PASSED” label with a re-test date, we’re doing a test because it’s a relatively well understood check which first assures us that the device is safe for our volunteers to work on, and then after a successful repair it assures us that the device is at that point safe - nothing more, nothing less. So I don’t see any relevance to longer retention of pat test records. Basically we don’t claim to offer a formal insurance-backed PAT test which covers the item’s owner for a year if we got something wrong, and we don’t stick PASSED labels on fixed items.
Thank you all for your thoughtful feedback! I really appreciate how clearly you’ve shared your perspectives, even though there are some differing opinions. I’ll be discussing this with my team to work toward a collective approach to our storage policy.